Secondary backup DNS www record

  • Thread starter Thread starter Dan Williams
  • Start date Start date
D

Dan Williams

We have DNS setup in an Active Directory Windows 2000/XP domain and
our www host record for our domain is pointing to a local IP intranet
site (i.e. 192.168.0.101).

We have recently setup an additional domain controller in a remote
location and have it connected to our existing SBS2k server via a
hardware VPN link.

I'd like to be able to configure our DNS servers so that the
workstations at our remote site access our www intranet site via its
own Windows 2000 server (ie. 192.168.13.1) rather than the web server
at our other site.

Is there anyway i can do this so that depending on which site people
are at, they access the intranet site via the closest web server to
them. Obviously, this replies on both web servers having the same
content, but that i can arrange.

I'd also like to be able to configure this so that it our new remote
web server could act as a backup incase the primary web server is down
(and vice versa).

Thanks in advance.

Dan Williams.
 
Dan Williams said:
I'd like to be able to configure our DNS servers so that the
workstations at our remote site access our www intranet site via its
own Windows 2000 server (ie. 192.168.13.1) rather than the web server
at our other site.
Click to expand...


Contrary to another poster, you can APPROACH this
behavior but cannot guarantee it.

By default, Win2000+ stations use "netmask ordering"
and Win2000+ DNS servers offer "subnet prioritization"
which attempts to make it work the way you wish.

It should already be working that way.

Make sure that the DNS server (Advanced properties) has
the "check box" selected to allow this.

The server side feature only works if the clients are on
the "same net" using default masks (like Class A, B, or C)
I believe.

And the client feature will only work if the "web server"
locally is on their net OR a better match.

(in other words) How to make it NOT work:

Two subnets at remote.
Subnets at main office with other web servers.
We server on one subnet.
Clients on another subnet.

If the clients cannot determine that the nearby web server
is a better match, they will use no preference.
 
Any pointers on how i go about setting this up?

I was wondering how web sites such as Yahoo manage to do it? For
example, if i ping www.yahoo.com i get 216.109.117.204 one time, but
as soon as i repeat the process i get a completely different ip
address. I take it they have several web servers setup for a high
percentage of uptime.

Can i simply add multiple www host records on our DNS servers?

Dan
 
In
Dan Williams said:
Any pointers on how i go about setting this up?

I was wondering how web sites such as Yahoo manage to do it? For
example, if i ping www.yahoo.com i get 216.109.117.204 one time, but
as soon as i repeat the process i get a completely different ip
address. I take it they have several web servers setup for a high
percentage of uptime.

Can i simply add multiple www host records on our DNS servers?

Dan
Click to expand...

Actually subnet priortization is documented in the helpfiles. There's the
DNS whitepapers as well:

As far as Yahoo, Microsoft and other large sites with server farms, they're
controlled by devices similar to Dell's BigIP, if not that itself. They can
also be done by Round Robin, depening on what they thought best at time of
design. Even if different IPs on different subnets, with Round Robin you
just create the same name mutliple times and just give it different IPs.

Here are some links for you:

How can I enable or disable subnet prioritization on the DNS server:
http://www.winnetmag.com/Article/ArticleID/27027/27027.html

Prioritizing local subnets:
http://www.microsoft.com/technet/tr...atacenter/sag_DNS_imp_LocalSubnetPriority.asp

What is DNS round robin and subnet prioritization:
http://www.winnetmag.com/Article/ArticleID/27025/27025.html

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Not that www.yahoo.com is a cname for www.yahoo.akadns.net. The akadns.net.
NSs are special that load balance the records for their customers. You will
also notice they have a 30sec TTL. So other DNS servers (i.e. your local
one, your isp, etc.) get those records once, then cache them for 30 seconds
before making another request to an akadns.net NS and could then get another
list of different A records. The DNS server is then free to Round robin
and/or subnet mask these A records. You will notice public servers like
4.2.2.2 round robin these records, so you "normally" will see a different
first A record after each query. Note however, the Bind servers do not use
true round robin (as ms does). They pick a random first record in the
rrSet, then round robin the remaining records. So you can figure that
sometimes you will get the same rrSet back from one query to the next (odds
go up with less records.)

It sounds like you need netmask ordering only. Turn off round robin on the
dns servers and make sure netmask ordering is on. You can have both on, but
it will round robin all the records, then pick a matching A record in the
subnet and put it first.
 
Thanks, Ace. Just to clarify, this is what necessitated my initial "Not in
DNS" response:

Prioritization or Round-Robin will not achieve this goal. Of course, he may
get a 50-50 chance of hitting the remaining web server when one is down, or
he may not. I admit I should have clarified that from the beginning,
but.....

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon


"Ace Fekay [MVP]"
 
I'd also like to be able to configure this so that it our new remote
Prioritization or Round-Robin will not achieve this goal. Of course, he may
get a 50-50 chance of hitting the remaining web server when one is down, or
he may not. I admit I should have clarified that from the beginning,
but.....
Click to expand...

Sorry, but you have it backwards (for almost all clients).

Round robin, and schemes like subnet prioritization will
FAIL when the "chosen server" is down -- almost no
clients will "fail over" to the "other servers". There are
however exceptions for some specific clients and services
(SMTP comes to mind.)

On the other hand, if they are all up (or at least the best choice
is up) the Subnet Prioritization and/or Netmask Ordering
WILL cause the clients to choose the local server IF the
address and mask combination offer a clear distinction.

(I explained in another post how this "distinction" might NOT
be sufficient.)
 
At the risk of prolonging this thread unnecessarily, let me add that I do
not believe that Akamai is doing their load-balancing thru DNS, so the Yahoo
reference has no bearing here. I certainly invested in a hardware
load-balancer (F5) when I had to do something like this. DNS (Bind or MS) is
NOT intended for this purpose. Even though I've been known to be wrong
before, this is not one of the cases.

And, Herb. A little courtesy wouldn't hurt, please. I hardly know you.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Never said DNS was *doing the load-balancing. External process(es) are
updating the NSs dynamically. One or more dns servers get the updates from
the "balance" processes and answer queries as any normal dns server would -
how the records get updated is not important as that could be any back-end
process such as nsupdate, etc.
 
If your being technical, I don't think it is 50-50. If using bind, it is
random for round robin. If using w2k, it cycles around in order. So the
odds would depend on number of NS records in the rrSet. Intervening servers
can also round robin its' cached rrset, so this mixes them again. IIRC,
failover nor load balancing was the OP question. That was a splinter
question and we all know DNS can only sim load balancing, but with help, can
be used to get close to load balancing and can be used to remove failed
hosts, etc. The OP question was how to ensure subnet prio for local
network. I think that has been addressed already.
 
Moreover, SRV records allow true load balancing using DNS. You still need
more on the backend to update the srv records, but srv records where
designed for this task. Current http clients such as IE will need to
support this. However current clients such as netlogin service do
understand srv records and use them for this purpose. Actually, this would
be a very easy update to make in IE and could just be a Windows Update at
some point.
 
In
Deji Akomolafe said:
At the risk of prolonging this thread unnecessarily, let me add that
I do not believe that Akamai is doing their load-balancing thru DNS,
so the Yahoo reference has no bearing here. I certainly invested in a
hardware load-balancer (F5) when I had to do something like this. DNS
(Bind or MS) is NOT intended for this purpose. Even though I've been
known to be wrong before, this is not one of the cases.

And, Herb. A little courtesy wouldn't hurt, please. I hardly know you.
Click to expand...

I guess you got your question answered. In most cases, a device such as
BigIP will do the trick, but as William mentioned, DNS is limited in what it
could do and that goes with what you mentioned.

As for Herb, that's Herb.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
AFAICT, BigIP will load balance connections to *it's IP to (N) backend
servers. It does not handle the remaining issue of dns handing out lame IPs
as the akami tech does so you can still end up hitting a down server. The A
records could be pointing to BigIP servers (or other load balancers), or
not - does not really matter for what I am talking about. To remove an A
record or add others (say that BigIP server went down or new one goes up)
dynamically requirers other tech behind the dns server(s). BTW - That
sounds like a very $$ product - yes?
 
Stacey, look more into BigIP. Transparent failover of resources is a
long-standing feature of BigIP.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
In
William Stacey said:
AFAICT, BigIP will load balance connections to *it's IP to (N) backend
servers. It does not handle the remaining issue of dns handing out
lame IPs as the akami tech does so you can still end up hitting a
down server. The A records could be pointing to BigIP servers (or
other load balancers), or not - does not really matter for what I am
talking about. To remove an A record or add others (say that BigIP
server went down or new one goes up) dynamically requirers other tech
behind the dns server(s). BTW - That sounds like a very $$ product -
yes?
Click to expand...

Yes, costly. Need to justify its cost. But as Deji said, it does offer fault
tolerance and transparent failover from one server to another in the farm.
Can't see a small organization getting one of these puppies.

Cheers!



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
I am sure it is great. However transparent failover is does not address the
dns issue I am talking about.
 
And, Herb. A little courtesy wouldn't hurt, please. I hardly know you.
I guess you got your question answered. In most cases, a device such as
BigIP will do the trick, but as William mentioned, DNS is limited in what it
could do and that goes with what you mentioned.

As for Herb, that's Herb.
Click to expand...

What does he want me to do, apoligize for his errors?

I didn't criticize the poster, but it seems simple to just
correct technical mistakes without apologies or hand
waving.

If I make a mistake, I would appreciate such simple
correct with TECHNICAL EXPLANATIONS.
 
What does he want me to do, apoligize for his errors?

That statement about sums it up. It is the tone. You don't have to "zing"
people to get a technical point across.
If I make a mistake, I would appreciate such simple
correct with TECHNICAL EXPLANATIONS.
Click to expand...

Good advise. Give it a try.
 
Back
Top